

Running WordPress? Got webshot enabled? Turn it off or you’re toast


#1 NickAu



Posted 26 June 2014 - 07:02 PM

A zero-day vulnerability in the popular TimThumb plugin for WordPress leaves many websites vulnerable to exploits that allow unauthorized attackers to execute malicious code, security researchers have warned.
The vulnerability, which was disclosed Tuesday on the Full Disclosure mailing list, affects WordPress sites that have TimThumb installed with the webshot option enabled. Fortunately, it is disabled by default, and sites that are hosted on WordPress.com are also not susceptible. Still, at press time, there was no patch for the remote-code execution hole. People who are unsure if their WordPress-enabled site is vulnerable should open the timthumb file inside their theme or plugin directory, search for the text string "WEBSHOT_ENABLED," and ensure that it's set to false.
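The check described in the post can be automated. The script below is an added example, not part of the original post or of TimThumb's own code: it scans every PHP file under a directory by content for the `WEBSHOT_ENABLED` setting and reports whether it is set to false. The `define('WEBSHOT_ENABLED', ...)` form of the setting, the function names, and the sample directory tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the setting appears as a PHP define('WEBSHOT_ENABLED', <value>) call.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*([^)]+?)\s*\)""", re.I)

def classify(value):
    """Map the PHP literal to a status; anything unexpected needs a human look."""
    v = value.strip().strip("'\"").lower()
    if v in ("true", "1"):
        return "ENABLED"
    if v in ("false", "0"):
        return "disabled"
    return "review"

def scan(root):
    """Return sorted (relative path, line, status); matches by content, not filename."""
    findings = []
    for path in (p for p in Path(root).rglob("*.php") if p.is_file()):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith(("//", "#", "*")):
                continue  # skip commented-out defines
            for m in DEFINE_RE.finditer(line):
                rel = path.relative_to(root).as_posix()
                findings.append((rel, lineno, classify(m.group(1))))
    return sorted(findings)

def demo():
    """Scan a constructed wp-content tree (sample files, not real themes)."""
    samples = {
        "themes/alpha/timthumb.php":
            "<?php\nif(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', true);\n",
        "themes/beta/thumb.php":
            "<?php\n// define('WEBSHOT_ENABLED', true);\ndefine('WEBSHOT_ENABLED', false);\n",
        "plugins/gamma/inc/resize.php":
            "<?php\ndefine(\"WEBSHOT_ENABLED\", $cfg);\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding="utf-8")
        return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To audit a real site, call `scan()` on the `wp-content` directory; any `ENABLED` or `review` result marks a file to open and correct by hand.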



